Design goals for security

Beckhoff Industrial PC (IPC) hardware is designed for general use like a normal PC for office environments, but with considerable additional robustness for use in industrial environments. The complete board is designed for reliable and highly deterministic operation in such environments. Nevertheless, the hardware supports universal operating systems such as Windows® and TwinCAT/BSD®, which is based on FreeBSD®. As a result, the hardware is designed to support conventional and office IT-compliant security mechanisms as provided by the operating systems. The person who integrates the IPC into an operating environment is responsible for configuring these security functions for the respective environment accordingly. This person must also provide the operator with instructions for secure use. Such configuration and usage guidelines should be the result of a holistic security concept for the respective environment or conform to it.

Beckhoff IPCs can be ordered with or without an operating system. The available operating systems are Windows 10, Windows 11 and TwinCAT/BSD. Unless expressly ordered otherwise, these are provided as "Secure by Default". This means that only certain services are enabled by default so that all access to the device is authenticated and the only preconfigured user has administrative access. For historical reasons, the preconfigured user is "Administrator". Beckhoff offers two variants of the pre-installed operating system images on the IPC: In the first variant, a random password is pre-set for "Administrator", which can be read from a label on the device. In the second variant, the documented known password is preconfigured for "Administrator". Please note the following: The second variant is not "Secure by Default" with regard to the requirements of some environments, while it is well suited for others.

The operating systems mentioned are not developed by Beckhoff. The basis of the Windows 10 and Windows 11 images from Beckhoff is developed and maintained by the Microsoft Corporation. The basis of TwinCAT/BSD is developed and maintained by "The FreeBSD® Project". Both have been recognized for decades for their security functions for use in office and server environments. They contain and offer advanced security functions. Certain environments and applications have specific requirements for the configuration and use of these security functions. Since Beckhoff provides the operating systems mentioned for general use and does not wish to restrict which applications are implemented with them, Beckhoff cannot foresee the specific security requirements resulting from the respective use or integration. Instructions for secure configuration and use must therefore be created by the person who integrates the operating system into an environment for a specific use. Nevertheless, Beckhoff provides instructions for the secure use of the IPC and its operating system in this guide. These instructions are to be understood as general information and not as a complete and sufficient reference. The developers of the operating systems provide complete documentation for the security functions of the operating systems.

Beckhoff has developed extensions for these operating systems, in particular to optimize the deterministic behavior of the operating system for use with real-time applications in the automation industry. The extensions are integrated into the operating system images distributed by Beckhoff. The main objective in the development of these extensions is robustness and determinism for increased availability. Nevertheless, Beckhoff ensures that these extensions do not impair the basic security functions of the operating system, unless otherwise specified.

Beckhoff distributes a wide variety of software products. One example is the product "TwinCAT 3.1 - eXtended Automation Runtime (XAR)", or TwinCAT 3.1 XAR for short. This can be ordered pre-installed as part of the operating system on some IPCs. The main purpose of this special software is to provide a deterministic and robust but highly customizable runtime for automation applications. When installed on an IPC, it turns this device into a Programmable Logic Controller (PLC). In addition to availability (through robustness and determinism), the software was equipped with perimeter security during its development. This means that it can be configured and used to securely authenticate access via the protocols implemented by TwinCAT 3.1 XAR. With this perimeter security, the IPC's network interfaces mark the boundary. The security risk identified by Beckhoff for this type of security is that an unauthorized user gains access to the IPC via the protocols implemented by TwinCAT 3.1 XAR. For historical reasons and due to backward compatibility, TwinCAT 3.1 XAR still provides protocols that do not perform authentication before such access. Some IPCs with pre-installed TwinCAT 3.1 XAR have a TwinCAT 3.1 XAR configuration that is secure by default. This means that this standard configuration only activates secure TwinCAT 3.1 XAR protocols. Please note that many IPCs that are delivered with pre-installed TwinCAT 3.1 XAR do not have a secure configuration by default for reasons of backward compatibility. This security guide contains a complete list of the protocols supported by TwinCAT 3.1 XAR and provides information on which protocols are secure, see: Important TCP/UDP ports. Separate documentation and instructions are available for the other software products. Please note the following: This also applies to TwinCAT functions that can be added to TwinCAT 3.1 XAR via a separate installer.